ORA：00933 SQL命令在JSP中未正確結束異常？

Question

我已經使用jQuery創建自動完成的文本框，但我得到ORA：在我的jsp page..This 00933 SQL命令不正確地結束例外是我的代碼

autocompleteTB.html

<html xmlns="http://www.w3.org/1999/xhtml"> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>jQuery Auto Complete</title> 
<script type="text/javascript" src="jquery-1.4.2.js"></script> 
<script type="text/javascript"> 
function lookup(inputString) { 
if(inputString.length == 0) { 
$('#suggestions').hide(); 
} else { 
$.post("states.jsp", {queryString: ""+inputString+""}, function(data){ 
if(data.length >0) { 
$('#suggestions').show(); 
$('#autoSuggestionsList').html(data); 
} 
}); 
} 
} 
function fill(thisValue) { 
$('#inputString').val(thisValue); 
setTimeout("$('#suggestions').hide();", 200); 
} 
</script> 
<style type="text/css"> 
body { 
font-family: Helvetica; 
font-size: 13px; 
color: #000; 
} 
h3 { 
margin: 0px; 
padding: 0px; 
} 
.suggestionsBox { 
    position: relative; 
    left: 260px; 
    margin: 0px 0px 0px 0px; 
    width: 200px; 
    background-color: #7845DD; 
    -moz-border-radius: 7px; 
    -webkit-border-radius: 7px; 
    border: 2px solid #000; 
    color: #fff; 
    } 
    .suggestionList { 
    margin: 0px; 
    padding: 0px; 
    } 
    .suggestionList li { 
    margin: 0px 0px 3px 0px; 
    padding: 3px; 
    cursor: pointer; 
    } 
    .suggestionList li:hover { 
    background-color: #DD45CD; 
    } 
    </style> 
    </head> 
    <body> 
    <div> 
    <form> 
    <div> <h3><font color="red">Name</font></h3> 
    <br /> Enter Name to see auto complete 
    <input type="text" size="30" value="" id="inputString" onkeyup="lookup   (this.value);" onblur="fill();" /> 
    </div> 
    <div class="suggestionsBox" id="suggestions" style="display: none;"> 
    <div class="suggestionList" id="autoSuggestionsList"> 
    </div> 
    </div> 
    </form> 
    </div> 
    </body> 
     </html> 

status.jsp

<%@ page language="java" import="java.sql.*" %> 
    <% response.setContentType("text/html");%> 
    <% 
    String str=request.getParameter("queryString"); 
    try { 
    String connectionURL = "jdbc:oracle:thin:@localhost:1521:root"; 
    Connection con; 
    Class.forName("oracle.jdbc.driver.OracleDriver"); 
    // Get a Connection to the database 
    con = DriverManager.getConnection(connectionURL, "dummy", "dummy"); 
    //Add the data into the database 
    String sql = "SELECT Name FROM Employee WHERE Name LIKE '"+str+"%' LIMIT 12"; 
    Statement stm = con.createStatement(); 
    stm.executeQuery(sql); 
    ResultSet rs= stm.getResultSet(); 
    while (rs.next()){ 
    out.println("<li onclick='fill("+rs.getString("Name")+");'>"+rs.getString("Name") +"</i>"); 
    } 
    } 
    catch (Exception e){ 
    out.println("Any Exception: " +e.getMessage()); 
    } 
    %> 

以上code..when我在文本框中輸入一個名字......它顯示了SQL異常...請任何人都看着我的代碼，並糾正我......我堅持。

Answer 1

Oracle中沒有LIMIT子句。

你可以使用

SELECT Name FROM Employee WHERE Name LIKE ? and rownum < 13 

除此之外，你有相當的SQL注入漏洞存在。